Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect


  • This topic is locked This topic is locked

#1
catttreanor

catttreanor

    Member

  • Member
  • PipPip
  • 67 posts
Hello! I have a google redirect virus- Its the second time I've gotten it, or maybe it never came all the way off my computer. So far its only a problem with google, not other search engines, but last time it also started on Yahoo! and Bing after awhile. Help please!
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see what you have

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
catttreanor

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 09:19:23
-----------------------------
09:19:23.020 OS Version: Windows 6.1.7600
09:19:23.020 Number of processors: 2 586 0x602
09:19:23.025 ComputerName: BETSY UserName: catt
09:19:26.775 Initialize success
09:19:45.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:19:45.827 Disk 0 Vendor: WDC_WD3200AAJS-08L7A0 03.03E03 Size: 305245MB BusType: 11
09:19:47.921 Disk 0 MBR read successfully
09:19:47.923 Disk 0 MBR scan
09:19:47.926 Disk 0 Windows 7 default MBR code
09:19:47.929 Disk 0 scanning sectors +625142448
09:19:48.592 Disk 0 scanning C:\windows\system32\drivers
09:20:02.359 Service scanning
09:20:04.310 Modules scanning
09:20:08.154 Disk 0 trace - called modules:
09:20:08.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
09:20:08.198 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85645298]
09:20:08.210 3 CLASSPNP.SYS[8820459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8562e908]
09:20:08.224 Scan finished successfully
09:21:41.433 Disk 0 MBR has been saved successfully to "C:\Users\catt\Desktop\MBR.dat"
09:21:41.438 The log file has been saved successfully to "C:\Users\catt\Desktop\aswMBR.txt"
  • 0

#4
catttreanor

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
OTL logfile created on: 11/17/2011 9:23:56 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\catt\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 58.01% Memory free
3.57 Gb Paging File | 2.04 Gb Available in Paging File | 57.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.92 Gb Total Space | 80.76 Gb Free Space | 29.59% Space Free | Partition Type: NTFS
Drive D: | 5.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.72 Gb Total Space | 3.61 Gb Free Space | 97.13% Space Free | Partition Type: FAT32

Computer Name: BETSY | User Name: catt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/17 09:21:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Downloads\OTL.exe
PRC - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 07:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/07/15 22:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/28 11:28:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 02:25:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/07 02:20:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/01 08:47:13 | 002,988,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/10/28 08:33:50 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 12:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\HealthCare\HealthCare.exe
PRC - [2009/08/24 07:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/07/29 16:01:10 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 10:04:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/10 10:04:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/13 09:00:14 | 000,176,128 | ---- | M] () -- C:\Users\catt\AppData\Local\LibmapCmds\DRMapiARM.dll
MOD - [2011/10/13 02:24:48 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:24:26 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:24:14 | 011,807,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2011/10/13 02:23:59 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 02:23:53 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 02:23:46 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 02:23:33 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 02:22:39 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/04/29 05:29:11 | 001,732,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3478.18702__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/04/29 05:29:11 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3478.18776__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/04/29 05:29:11 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3478.18684__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:11 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3478.18704__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/04/29 05:29:11 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3478.18756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:11 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3478.18737__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:11 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3478.18698__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/04/29 05:29:11 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3478.18727__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:11 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3478.18693__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:10 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3478.18693__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3478.18728__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3478.18724__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3478.18704__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3478.18742__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/04/29 05:29:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3478.18734__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3478.18692__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3478.18728__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:10 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3478.18776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/04/29 05:29:10 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3478.18775__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:10 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3478.18729__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:10 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3478.18734__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:10 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3478.18735__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/04/29 05:29:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/04/29 05:29:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/04/29 05:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/04/29 05:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/04/29 05:29:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3478.18800__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/04/29 05:29:09 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3478.18770__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/04/29 05:29:09 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/04/29 05:29:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3478.18769__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/04/29 05:29:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/04/29 05:29:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3478.18781__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/04/29 05:29:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/04/29 05:29:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/04/29 05:29:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/04/29 05:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/04/29 05:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/04/29 05:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/04/29 05:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/04/29 05:29:09 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3478.18679__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/04/29 05:29:09 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/04/29 05:29:08 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3478.18688__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/04/29 05:29:08 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3478.18764__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/04/29 05:29:08 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3478.18698__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/04/29 05:29:08 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3478.18680__90ba9c70f846762e\APM.Server.dll
MOD - [2010/04/29 05:29:08 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3478.18683__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/04/29 05:29:08 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3478.18681__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/04/29 05:29:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/04/29 05:29:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3478.18679__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/04/29 05:29:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/04/29 05:29:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/04/29 05:29:08 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/04/29 05:29:08 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/04/29 05:29:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/04/29 05:29:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/04/29 05:29:08 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3478.18770__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/09/09 10:25:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\en-us\en-us.dll
MOD - [2009/06/19 11:33:54 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2008/09/27 09:39:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\HealthCare\HOOK.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/28 11:28:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 02:25:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/04 02:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 10:04:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 13:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/21 13:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/28 11:28:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 11:28:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 10:40:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 18:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/04 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/03/02 12:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2008/08/06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://leftaction.co...en-US:official"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {652853ad-5592-4231-88c6-706613a52e61}:1.0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.95
FF - prefs.js..keyword.URL: "http://search.yahoo....type=723823&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 10:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 10:40:13 | 000,000,000 | ---D | M]

[2010/11/01 08:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Extensions
[2011/11/16 16:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions
[2011/08/26 14:01:04 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2010/11/17 18:22:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/11 20:13:19 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/08/28 10:46:59 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\[email protected]
[2011/10/27 23:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/20 17:33:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/12 14:25:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/27 23:50:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/06/27 00:56:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/08/13 10:05:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DRMapiARM] C:\Users\catt\AppData\Local\LibmapCmds\DRMapiARM.dll ()
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3054F0-C6F0-4F36-8132-BBDB287D3BA5}: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/08 00:09:23 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/07/08 00:17:56 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/07/08 00:17:57 | 000,711,744 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/07/08 00:17:51 | 000,000,164 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 09:27:11 | 000,000,000 | ---D | C] -- C:\Users\catt\AppData\Local\LibmapCmds
[2011/10/27 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/10/27 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/04/29 05:40:04 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2011/11/17 09:21:41 | 000,000,512 | ---- | M] () -- C:\Users\catt\Desktop\MBR.dat
[2011/11/17 08:43:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/16 17:43:01 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 23:58:00 | 000,000,064 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2011/11/13 23:58:00 | 000,000,044 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2011/11/12 00:47:42 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/09 11:38:11 | 000,014,240 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 11:38:11 | 000,014,240 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 03:24:45 | 000,661,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/11/09 03:24:45 | 000,121,018 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/11/09 03:18:44 | 000,450,824 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/11/09 03:18:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/09 03:18:20 | 1407,746,048 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2011/11/17 09:21:41 | 000,000,512 | ---- | C] () -- C:\Users\catt\Desktop\MBR.dat
[2011/08/26 14:01:38 | 000,139,264 | ---- | C] () -- C:\windows\System32\gswin32c.exe
[2011/08/10 16:16:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/10 16:16:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/10 16:16:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/10 16:16:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/10 16:16:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/10 16:03:00 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/07/31 22:58:10 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/07/31 22:58:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/07/29 01:48:32 | 000,016,432 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/11/03 20:53:06 | 000,136,489 | ---- | C] () -- C:\windows\hphins33.dat
[2010/11/03 20:53:06 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
[2010/04/29 06:20:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010/04/29 06:20:41 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/04/29 05:29:18 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/19 01:04:16 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/08/19 01:04:16 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/08/19 01:04:16 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/07/26 19:24:14 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 000,450,824 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,661,830 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,121,018 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/06/05 18:18:08 | 000,011,720 | ---- | C] () -- C:\windows\System32\drivers\spio.sys

========== LOP Check ==========

[2011/11/17 09:20:45 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\BitTorrent
[2011/06/27 00:56:16 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\Catalina Marketing Corp
[2011/08/26 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\OpenOffice.org
[2010/11/03 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\WeatherBug
[2009/07/13 22:53:46 | 000,019,128 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/08/11 08:49:35 | 000,302,592 | ---- | M] () -- C:\f6hj8o6f.exe


< MD5 for: EXPLORER.EXE >
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >
  • 0

#5
catttreanor

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
OTL Extras logfile created on: 8/11/2011 9:36:18 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\catt\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.60% Memory free
3.50 Gb Paging File | 2.29 Gb Available in Paging File | 65.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.92 Gb Total Space | 58.85 Gb Free Space | 21.56% Space Free | Partition Type: NTFS

Computer Name: BETSY | User Name: catt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052B4734-CD9B-468F-B25D-D1E136B2C95A}" = Ad-Aware
"{0BBEB8DF-1ED7-7D73-3424-B49F8D05A1C4}" = CCC Help Swedish
"{1167AA3B-B6BE-326F-E8C7-58D9C6E86A29}" = CCC Help Polish
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D30A106-FBCB-1652-DD4D-656054A5220E}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209E3222-E1E4-4244-A2E5-49DCEBEA1A91}" = FanSpeedControl
"{227F4174-689D-7714-A858-148DAF847093}" = ccc-utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F1227C1-3577-E4CC-F5C6-A001A3AB4D5A}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8BC348-1132-97CD-4CC0-552FC3E66C13}" = Catalyst Control Center Core Implementation
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{423FB552-4DBE-0198-DC0D-3C4C4EF5FE29}" = CCC Help Hungarian
"{4372DDC5-22DE-E9CB-4D75-CF14860C8EE9}" = Catalyst Control Center InstallProxy
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{520D02AB-5A75-6C0B-2C61-B239D7B7E388}" = CCC Help Spanish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C6B430D-6789-14F1-168A-16215B1902F2}" = Catalyst Control Center Graphics Full New
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED021B0-89A3-19C3-05ED-82A4D3AADDEB}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7967C160-5F44-9D4E-34E5-73B6FA4BA832}" = Catalyst Control Center Graphics Light
"{7C6D1ED4-34DE-88B1-C8DF-C860E766C037}" = CCC Help Turkish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BC34DB0-B70B-279C-89CB-81F158DEF765}" = CCC Help Russian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F6306ED-A33A-F43C-F2D4-12E94E10A12E}" = Catalyst Control Center Graphics Previews Common
"{A06E1854-1580-4157-AD70-72734D324DEA}" = Lenovo Idea Notes
"{A5420AAC-4773-48ED-A6CF-216FBA390174}" = Catalyst Control Center - Branding
"{A79C1D34-2831-4A5D-91C7-279EF892B5CF}" = Lenovo Software Instruction
"{A7F4768C-065C-DB35-3E6F-C6CA0D0E857F}" = CCC Help Dutch
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C46C83-CF59-4A5F-AD95-AED24DB07D00}" = IObit Toolbar v4.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE11CC7F-554E-6AE2-A480-EBCF0D8E95EA}" = CCC Help Chinese Standard
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{C9F06DC5-3A98-C059-50FA-5C6386B50BBA}" = CCC Help Portuguese
"{D0114FF6-2E2F-DC86-96AD-C74AA6CA960B}" = CCC Help Danish
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D4740858-DBFC-C3CB-26B5-A419EC9753E6}" = CCC Help German
"{D54A1218-16DC-48FC-232B-539DC367C0B3}" = CCC Help Korean
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D882BA58-D639-9F2F-5FD6-711D669D443D}" = CCC Help English
"{D9B2BBDC-67B0-8823-3558-E1689BF3C01F}" = ccc-core-static
"{E003CD03-25B3-EC57-5FEC-F33D00C56518}" = Catalyst Control Center Graphics Full Existing
"{E0A90E7B-F3E2-97C1-19C5-7377B5B1F008}" = CCC Help Chinese Traditional
"{E1A4FF05-9126-65A2-9297-635A76313FE1}" = CCC Help Thai
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E45DA2D1-2CA9-487C-95EF-F810A077F46F}" = Genesys USB Mass Storage Device
"{E501A9A5-295E-CCE6-BEA0-E1BFFB3E9879}" = Catalyst Control Center Graphics Previews Vista
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5BD6284-4CB5-67B7-0578-F015543030CF}" = ATI Catalyst Install Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7155AF8-057A-C444-3FB7-C63EFFB343F1}" = Catalyst Control Center Localization All
"{EA55E66C-4E0B-2268-6CDB-D3420F6213D6}" = CCC Help Greek
"{EA8E3825-AA6A-DF95-66FC-970FE25AAC16}" = CCC Help Finnish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2602F16-02D1-4F1C-99A5-E246C522A59D}" = Lenovo First Boot
"{F648F35B-3139-3D8D-F687-30DF80CCBBA8}" = CCC Help Italian
"{F679EFCA-6B45-EED7-BF1A-DF226795165F}" = CCC Help Japanese
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EADM" = EA Download Manager
"Google Chrome" = Google Chrome
"InstallShield_{209E3222-E1E4-4244-A2E5-49DCEBEA1A91}" = FanSpeedControl
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Lenovo Idea Central" = Lenovo Idea Central
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"PROHYBRIDR" = 2007 Microsoft Office system
"VLC media player" = VLC media player 1.1.4
"Web Games Player Plugin" = Web Games Player Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/15/2011 10:00:00 PM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/16/2011 1:32:22 AM | Computer Name = betsy | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 7/16/2011 8:37:56 AM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/16/2011 8:39:56 AM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/16/2011 5:00:01 PM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/17/2011 3:17:40 PM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/17/2011 3:17:40 PM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/17/2011 8:28:15 PM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/17/2011 8:30:15 PM | Computer Name = betsy | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/17/2011 8:32:48 PM | Computer Name = betsy | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

[ System Events ]
Error - 7/29/2011 4:02:25 PM | Computer Name = betsy | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/29/2011 4:36:55 PM | Computer Name = betsy | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:25:00 PM on ?7/?29/?2011 was unexpected.

Error - 7/29/2011 4:36:43 PM | Computer Name = betsy | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/29/2011 4:36:43 PM | Computer Name = betsy | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/30/2011 3:55:04 AM | Computer Name = betsy | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/30/2011 12:06:27 PM | Computer Name = betsy | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/30/2011 8:31:50 PM | Computer Name = betsy | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/30/2011 8:40:07 PM | Computer Name = betsy | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/30/2011 8:40:07 PM | Computer Name = betsy | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/30/2011 9:30:41 PM | Computer Name = betsy | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets get to work - did you install the various toolbars that you have ?

On completion of this run could you let me know if the redirects have ceased please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [DRMapiARM] C:\Users\catt\AppData\Local\LibmapCmds\DRMapiARM.dll ()
    [2011/08/11 08:49:35 | 000,302,592 | ---- | M] () -- C:\f6hj8o6f.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
catttreanor

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
I installed the StumbleUpon toolbar.. its the only one that shows up on Mozilla, if I have more on Internet Explorer, I didn't purposely install them but I didn't notice because I don't use that browser. Here is the OTL log



OTL logfile created on: 11/18/2011 5:18:51 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\catt\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 34.93% Memory free
3.50 Gb Paging File | 2.09 Gb Available in Paging File | 59.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.92 Gb Total Space | 98.48 Gb Free Space | 36.08% Space Free | Partition Type: NTFS
Drive D: | 5.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.72 Gb Total Space | 3.61 Gb Free Space | 97.13% Space Free | Partition Type: FAT32

Computer Name: BETSY | User Name: catt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 10:40:11 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/11 08:34:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Downloads\OTL.scr
PRC - [2011/07/15 22:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/28 11:28:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 02:25:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/07 02:20:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/28 08:33:50 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 12:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\HealthCare\HealthCare.exe
PRC - [2009/08/24 07:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/07/29 16:01:10 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 10:04:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/10 10:04:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 08:34:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Downloads\OTL.scr
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/28 11:28:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 02:25:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/04 02:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 10:04:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/28 11:28:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 11:28:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 10:40:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 18:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/04 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/03/02 12:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2008/08/06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://leftaction.co...en-US:official"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {652853ad-5592-4231-88c6-706613a52e61}:1.0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.95
FF - prefs.js..keyword.URL: "http://search.yahoo....type=723823&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 10:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 10:40:13 | 000,000,000 | ---D | M]

[2010/11/01 08:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Extensions
[2011/11/18 16:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions
[2011/08/26 14:01:04 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2010/11/17 18:22:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/11 20:13:19 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/08/28 10:46:59 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\[email protected]
[2011/10/27 23:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/20 17:33:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/12 14:25:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/27 23:50:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/06/27 00:56:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/11/18 16:59:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/08 00:09:23 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/07/08 00:17:56 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/07/08 00:17:57 | 000,711,744 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/07/08 00:17:51 | 000,000,164 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 15:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/13 09:27:11 | 000,000,000 | ---D | C] -- C:\Users\catt\AppData\Local\LibmapCmds
[2011/10/27 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/10/27 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/04/29 05:40:04 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2011/11/18 17:09:04 | 000,014,240 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 17:09:04 | 000,014,240 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 17:05:52 | 000,661,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/11/18 17:05:52 | 000,121,018 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/11/18 17:01:40 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 17:01:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/18 17:01:34 | 1407,746,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 16:59:02 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/11/18 16:48:41 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/18 16:43:06 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 23:58:42 | 000,000,064 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2011/11/17 23:58:42 | 000,000,044 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2011/11/17 15:45:03 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/17 09:21:41 | 000,000,512 | ---- | M] () -- C:\Users\catt\Desktop\MBR.dat
[2011/11/12 00:47:42 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/09 03:18:44 | 000,450,824 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/11/17 15:45:03 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/17 09:21:41 | 000,000,512 | ---- | C] () -- C:\Users\catt\Desktop\MBR.dat
[2011/08/26 14:01:38 | 000,139,264 | ---- | C] () -- C:\windows\System32\gswin32c.exe
[2011/08/10 16:16:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/10 16:16:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/10 16:16:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/10 16:16:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/10 16:16:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/10 16:03:00 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/07/31 22:58:10 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/07/31 22:58:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/07/29 01:48:32 | 000,016,432 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/11/03 20:53:06 | 000,136,489 | ---- | C] () -- C:\windows\hphins33.dat
[2010/11/03 20:53:06 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
[2010/04/29 06:20:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010/04/29 06:20:41 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/04/29 05:29:18 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/19 01:04:16 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/08/19 01:04:16 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/08/19 01:04:16 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/07/26 19:24:14 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 000,450,824 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,661,830 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,121,018 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/06/05 18:18:08 | 000,011,720 | ---- | C] () -- C:\windows\System32\drivers\spio.sys

========== LOP Check ==========

[2011/11/18 16:53:56 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\BitTorrent
[2011/06/27 00:56:16 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\Catalina Marketing Corp
[2011/08/26 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\OpenOffice.org
[2010/11/03 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\WeatherBug
[2009/07/13 22:53:46 | 000,019,380 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you check to see whether the redirects are present in IE please, also what sites are you sent to, or is it random

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
    FF - prefs.js..extensions.enabledItems: [email protected]:4.7
    FF - prefs.js..extensions.enabledItems: {652853ad-5592-4231-88c6-706613a52e61}:1.0.0.0
    FF - prefs.js..browser.startup.homepage: "http://leftaction.co...en-US:official"
    [2011/08/26 14:01:04 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
    [2010/11/20 17:33:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/10/27 23:50:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    [2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    [2011/10/27 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP